John,
My notes say that we are expecting a new draft of digest
authentication from the authors, of which you are one.
It was my impression that this new draft would include:
* Adding an algorithm parameter.
* Describe in detail construction of nonces.
Here there are a number of tricks already in use which ensure that
a nonce is only valid for requests comming from a single TCP/IP
address.
* Fix dependence on 'extension mechanism'.
* Enhance 'security considerations' section to explain limitations.
and that the latter part would cover in sufficient detail the issues
raised in the various critiques of Digest Authentication, so that
those who were considering this extension would be fully informed.
With these edits, we might be able to move forward with "Digest".
Without them, I don't see that we can.
Your note left me with the impression that you are unaware of any
plans to update the specification.
Did I just imagine that we were going to see a revised draft? If not
from you, from whom?